Can you explain this vulnerability to me?

CVE-2026-29787 is a moderate severity information disclosure vulnerability in the mcp-memory-service package versions prior to 10.21.0. The vulnerability occurs because the /api/health/detailed HTTP endpoint returns extensive system information such as OS version, Python version, CPU count, memory and disk usage, and the full database filesystem path.

When the environment variable MCP_ALLOW_ANONYMOUS_ACCESS=true is set, this endpoint is accessible without any authentication. Additionally, the service binds by default to 0.0.0.0, exposing this sensitive information to the entire network.

This allows attackers on the network to perform reconnaissance by gathering detailed system and environment information without credentials, facilitating targeted attacks or direct database access.

Useful 0 Not Useful 0

How can this vulnerability impact me? :

[{'type': 'paragraph', 'content': 'This vulnerability can impact you by exposing sensitive system information to unauthorized users on the network. Attackers can obtain OS fingerprinting details, kernel version, Python version, CPU and memory resources, disk usage, and the exact database file path.'}, {'type': 'paragraph', 'content': "Such information disclosure can enable attackers to identify specific vulnerabilities to exploit, understand your system's infrastructure scale, and potentially gain easier access to your database or other resources."}, {'type': 'list_item', 'content': 'OS fingerprinting and kernel version disclosure enabling targeted exploits.'}, {'type': 'list_item', 'content': 'Disclosure of database filesystem path revealing usernames and directory structure.'}, {'type': 'list_item', 'content': 'Resource enumeration revealing infrastructure scale.'}, {'type': 'list_item', 'content': 'Facilitation of reconnaissance for follow-up attacks.'}] [1]

Useful 0 Not Useful 0

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know

Useful 0 Not Useful 0

How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking if the mcp-memory-service is running and accessible on the network, especially on port 8000, and if the /api/health/detailed endpoint is accessible without authentication when the environment variable MCP_ALLOW_ANONYMOUS_ACCESS=true is set.

You can use network scanning tools and HTTP requests to detect the vulnerability. For example:

• Use nmap to scan for the service on port 8000: nmap -p 8000 <target-ip>
• Use curl or wget to access the detailed health endpoint without authentication: curl http://<target-ip>:8000/api/health/detailed
• If the response contains detailed system information such as OS version, Python version, CPU count, memory and disk usage, or the full database filesystem path, the system is vulnerable.

Useful 0 Not Useful 0

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include:

• Upgrade mcp-memory-service to version 10.21.0 or later, where the vulnerability is patched.
• Ensure that the environment variable MCP_ALLOW_ANONYMOUS_ACCESS is not set to true, or disable anonymous access to prevent unauthenticated users from accessing sensitive endpoints.
• Change the default HTTP server binding from 0.0.0.0 (all interfaces) to 127.0.0.1 (localhost) to restrict access to the local machine only.
• Restrict access to the /api/health/detailed endpoint by requiring authenticated write access instead of allowing anonymous or read-only access.
• Remove or sanitize sensitive system information from health endpoints to avoid exposing OS version, Python version, CPU count, memory, disk usage, and database paths.

Useful 0 Not Useful 0